Merge pull request #19444 from MicrosoftDocs/main

Auto Publish – main to live - 2026-01-23 18:30 UTC

Author: learn-build-service-prod[bot]

.openpublishing.redirection.intune.json

@@ -657,7 +657,7 @@
     },
     {
       "source_path": "intune/intune/apps/mamedge-5-end-user-experience.md",
-      "redirect_url": "/intune/intune-service/apps/mamedge-7-end-user-experience",
+      "redirect_url": "/intune/intune-service/apps/mamedge-6-end-user-experience",
       "redirect_document_id": false
     },
     {
@@ -667,32 +667,47 @@
     },
     {
       "source_path": "intune/intune/apps/mamedge-6-security-baseline.md",
-      "redirect_url": "/intune/intune-service/apps/mamedge-6-security-baseline",
+      "redirect_url": "/intune/intune-service/apps/mamedge-overview",
       "redirect_document_id": false
     },
     {
       "source_path": "intune/intune/apps/mamedge-6-troubleshoot.md",
-      "redirect_url": "/intune/intune-service/apps/mamedge-8-troubleshoot",
+      "redirect_url": "/intune/intune-service/apps/mamedge-7-troubleshoot",
       "redirect_document_id": false
     },
     {
       "source_path": "intune/intune-service/apps/mamedge-5-end-user-experience.md",
-      "redirect_url": "/intune/intune-service/apps/mamedge-7-end-user-experience",
+      "redirect_url": "/intune/intune-service/apps/mamedge-6-end-user-experience",
       "redirect_document_id": false
     },
     {
       "source_path": "intune/intune-service/apps/mamedge-6-troubleshoot.md",
-      "redirect_url": "/intune/intune-service/apps/mamedge-8-troubleshoot",
+      "redirect_url": "/intune/intune-service/apps/mamedge-7-troubleshoot",
       "redirect_document_id": false
     },
     {
       "source_path": "intune/intune/apps/mamedge-7-end-user-experience.md",
-      "redirect_url": "/intune/intune-service/apps/mamedge-7-end-user-experience",
+      "redirect_url": "/intune/intune-service/apps/mamedge-6-end-user-experience",
       "redirect_document_id": false
     },
     {
       "source_path": "intune/intune/apps/mamedge-8-troubleshoot.md",
-      "redirect_url": "/intune/intune-service/apps/mamedge-8-troubleshoot",
+      "redirect_url": "/intune/intune-service/apps/mamedge-7-troubleshoot",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "intune/intune-service/apps/mamedge-6-security-baseline.md",
+      "redirect_url": "/intune/intune-service/apps/mamedge-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "intune/intune-service/apps/mamedge-7-end-user-experience.md",
+      "redirect_url": "/intune/intune-service/apps/mamedge-6-end-user-experience",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "intune/intune-service/apps/mamedge-8-troubleshoot.md",
+      "redirect_url": "/intune/intune-service/apps/mamedge-7-troubleshoot",
       "redirect_document_id": false
     },
     {

intune/intune-service/apps/mamedge-1-mamca.md

@@ -1,7 +1,7 @@
 ---
 title: Step 1. Create Microsoft Entra Conditional Access with Microsoft Edge for Business
 description: Step 1. Create Microsoft Entra Conditional Access with Microsoft Edge for Business.
-ms.date: 12/05/2025
+ms.date: 01/23/2026
 ms.topic: how-to
 ms.reviewer: samarti
 ms.custom:
@@ -168,6 +168,4 @@ Use this companion policy to ensure that desktop applications on Windows devices
 
 ## Next step
 
-[:::image type="content" source="./media/securing-data-edge-for-business/securing-data-edge-for-business-steps-02.png" alt-text="Step 2 to create an app protection policy.":::](mamedge-2-app.md)
-
 Continue with [Step 2](mamedge-2-app.md) to create an app protection policy.

intune/intune-service/apps/mamedge-2-app.md

@@ -1,7 +1,7 @@
 ---
 title: Step 2. Create App Protection Policies for Microsoft Edge for Business
 description: Step 2. Create app protection policies for Microsoft Edge for Business across Windows, Android, and iOS platforms.
-ms.date: 12/05/2025
+ms.date: 01/23/2026
 ms.topic: how-to
 ms.reviewer: samarti
 ms.custom:
@@ -614,6 +614,4 @@ Level 3 configuration provides the highest level of data protection and is recom
 
 ## Next step
 
-[:::image type="content" source="./media/securing-data-edge-for-business/securing-data-edge-for-business-steps-03.png" alt-text="Step 3 to integrate Mobile Threat Defense with Microsoft Edge for Business.":::](mamedge-3-scc.md)
-
 Continue with [Step 3](mamedge-3-scc.md) to integrate Mobile Threat Defense with Microsoft Edge for Business.

intune/intune-service/apps/mamedge-3-scc.md

@@ -1,7 +1,7 @@
 ---
 title: Step 3. Integrate Mobile Threat Defense for App Protection Policy
 description: Step 3. Integrate Mobile Threat Defense signals with Microsoft Edge for Business app protection policies in Microsoft Intune.
-ms.date: 12/05/2025
+ms.date: 01/23/2026
 ms.topic: how-to
 ms.reviewer: samarti
 ms.custom:
@@ -118,6 +118,4 @@ Use the following steps to configure the MTD Connector.
 
 ## Next step
 
-[:::image type="content" source="./media/securing-data-edge-for-business/securing-data-edge-for-business-steps-04.png" alt-text="Step 2 to create an app protection policy.":::](mamedge-4-acp-edge.md)
-
 Continue with [Step 4](mamedge-4-acp-edge.md) to create app configuration policies for Microsoft Edge for Business.

intune/intune-service/apps/mamedge-4-acp-edge.md

@@ -1,7 +1,7 @@
 ---
 title: Step 4. Create App Configuration Policies for Microsoft Edge for Business
 description: Step 4. Create app configuration policies for Microsoft Edge for Business across Windows, Android, and iOS platforms.
-ms.date: 12/05/2025
+ms.date: 01/23/2026
 ms.topic: how-to
 ms.reviewer: samarti
 ms.custom:
@@ -21,6 +21,29 @@ This step defines three progressive ACP configurations per platform, Level 1 (Ba
 > [!NOTE]
 > App configuration policies customize browser features and behavior. They complement app protection policies that focus on data protection.
 
+## Policy Selection Based on Device Enrollment
+
+App Configuration Policies (this step) are designed for non-enrolled devices using the Managed Apps configuration channel, while Settings Catalog policies (Step 5) are designed for enrolled devices with device-level controls.
+
+> [!IMPORTANT]
+> Choose the appropriate policy type based on device enrollment status to avoid policy conflicts.
+
+## Security Level Selection
+
+The three security levels (Level 1, 2, 3) are not cumulative - they represent progressively stricter configurations designed for different user roles and data sensitivity requirements.
+
+### Implementation Guidance
+
+- Evaluate your scenarios and user roles to determine which level is appropriate for each user group
+- Deploy only one level per user/device, not all three levels simultaneously
+- Align security level assignment with business role and data access requirements
+
+### Example Assignments
+
+- **Level 1 (Basic)**: General users, standard productivity workflows (~80% of users)
+- **Level 2 (Enhanced)**: Finance, HR, IT staff handling sensitive data (~15% of users)
+- **Level 3 (High)**: Executives, SecOps, Legal, users with access to highly confidential data (~5% of users)
+
 ::: zone pivot="windows"
 
 ## App configuration policies for Windows
@@ -802,8 +825,6 @@ Level 3 configuration enforces maximum security with zero-trust controls and com
 
 ::: zone-end
 
-## Next steps
-
-[:::image type="content" source="./media/securing-data-edge-for-business/securing-data-edge-for-business-steps-05.png" alt-text="Step 2 to create an app protection policy.":::](mamedge-5-settings-catalog.md)
+## Next step
 
 Continue to [Step 5](mamedge-5-settings-catalog.md) to configure Settings Catalog policies for enrolled Windows and macOS devices.

intune/intune-service/apps/mamedge-5-settings-catalog.md

@@ -1,7 +1,7 @@
 ---
 title: Step 5. Create Settings Catalog policies for Microsoft Edge for Business
 description: Step 5. Create Settings Catalog policies for Microsoft Edge for Business on Windows and macOS.
-ms.date: 12/05/2025
+ms.date: 01/23/2026
 ms.topic: how-to
 ms.reviewer: samarti
 ms.custom:
@@ -19,6 +19,31 @@ Settings Catalog policies provide deep device-level control for Microsoft Edge b
 > [!NOTE]
 > Settings Catalog requires device enrollment and provides device-level controls. For unmanaged devices, use App Protection Policies (Step 2) and App Configuration Policies (Step 4).
 
+## Policy Selection for Enrolled Devices
+
+App Configuration Policies (Step 4) are designed for non-enrolled devices and use the Managed Apps configuration channel, while Settings Catalog policies (this step) are designed for enrolled devices and provide device-level controls.
+
+> [!IMPORTANT]
+> Never deploy both App Configuration Policies and Settings Catalog policies targeting Microsoft Edge to the same client, as this creates policy conflicts.
+
+For enrolled Windows devices, you can choose to use either Settings Catalog policies (recommended for flexibility) or the Microsoft Edge Security Baseline from **Endpoint Security** > **Security baselines**, but not both simultaneously as this creates conflicts.
+
+## Security Level Selection
+
+The three security levels (Level 1, 2, 3) are not cumulative - they represent progressively stricter configurations designed for different user roles and data sensitivity requirements.
+
+### Implementation Guidance
+
+- Evaluate your scenarios and user roles to determine which level is appropriate for each user group
+- Deploy only one level per user/device, not all three levels simultaneously
+- Align security level assignment with business role and data access requirements
+
+### Example Assignments
+
+- **Level 1 (Basic)**: General users, standard productivity workflows (~80% of users)
+- **Level 2 (Enhanced)**: Finance, HR, IT staff handling sensitive data (~15% of users)
+- **Level 3 (High)**: Executives, SecOps, Legal, users with access to highly confidential data (~5% of users)
+
 ::: zone pivot="windows"
 
 ## Settings Catalog for Windows
@@ -468,8 +493,6 @@ After deploying Settings Catalog policies:
 
 ::: zone-end
 
-## Next steps
-
-[:::image type="content" source="./media/securing-data-edge-for-business/securing-data-edge-for-business-steps-06.png" alt-text="Step 2 to create an app protection policy.":::](mamedge-6-security-baseline.md)
+## Next step
 
-Continue to [Step 6](mamedge-6-security-baseline.md) to deploy the Microsoft Edge security baseline.
+Continue to [Step 6](mamedge-6-end-user-experience.md) to understand the Microsoft Edge for Business end user experience.

…ce/apps/mamedge-7-end-user-experience.md …ce/apps/mamedge-6-end-user-experience.mdintune/intune-service/apps/mamedge-7-end-user-experience.md renamed to intune/intune-service/apps/mamedge-6-end-user-experience.md intune/intune-service/apps/mamedge-7-end-user-experience.md renamed to intune/intune-service/apps/mamedge-6-end-user-experience.md

@@ -1,7 +1,7 @@
 ---
-title: Step 7. Understand Microsoft Edge for Business End User Experience for Windows
-description: Step 7. Understand Microsoft Edge for Business end user experience Windows.
-ms.date: 12/05/2025
+title: Step 6. Understand Microsoft Edge for Business End User Experience for Windows
+description: Step 6. Understand Microsoft Edge for Business end user experience Windows.
+ms.date: 01/23/2026
 ms.topic: how-to
 ms.reviewer: samarti
 ms.custom:
@@ -11,9 +11,9 @@ ms.collection:
 - FocusArea_Apps_AppManagement
 ---
 
-# Step 7. Understand Microsoft Edge for Business End User Experience for Windows
+# Step 6. Understand Microsoft Edge for Business End User Experience for Windows
 
-Now that you configured your Microsoft Entra Conditional Access policy, app protection policies, app configuration policies, settings catalog, and security baseline, you can launch **Microsoft Edge for Business** using a managed or unmanaged device.
+Now that you configured your Microsoft Entra Conditional Access policy, app protection policies, app configuration policies, and settings catalog, you can launch **Microsoft Edge for Business** using a managed or unmanaged device.
 
 The end user experience in Microsoft Edge for Business is designed to be productive, secure, and user-friendly. This secure enterprise browser experience includes the following features:
 
@@ -89,6 +89,4 @@ Intune displays notifications when a policy requirement isn’t met. The followi
 
 ## Next step
 
-[:::image type="content" source="./media/securing-data-edge-for-business/securing-data-edge-for-business-steps-08.png" alt-text="Step 2 to create an app protection policy.":::](mamedge-8-troubleshoot.md)
-
-Continue with [Step 8](mamedge-8-troubleshoot.md) to troubleshoot Microsoft Edge for Business.
+Continue with [Step 7](mamedge-7-troubleshoot.md) to troubleshoot Microsoft Edge for Business.